I understand the issues with trusting software to generate randomness. However, we trust 1Password's RNG for the security of our keychains. Is it in some way "more bad" to trust it to generate diceware numbers?

If not, then can we please have a new feature in the 1P Password Generator to generate a diceware password? Options for English only and multilingual lists would be nice.

Well then consider either pronounceable or Diceware as a feature request for Windows. Note that when Diceware is done by computer, we don't need to limit the list to 7776 items. Nouns and adjectives are easier to remember. I'll try to construct a list. [Note to self: Remember to remove profanity, just as in pronounceable, we never let "f" start a syllable]

Perhaps I should also try to put together a list for Hungarian, but there removing the profanity would leave nothing left of the language.

I would like to solicit opinions on "pronounceable" versus "diceware". I'm not sure that we would keep both if we introduced Diceware into the Strong Password Generator.

Personally I don't see the need for both as they both cover the same need; to produce a password that a human can remember. Since Diceware is the recommended technique, I'd suggest simply going with that.

I need to do the math on FIPS-181 (or find someone who has). It may be that "pronounceable" are significantly stronger than Diceware. An advantage of Diceware is that it doesn't need a computer. But if you have a computer, it may make sense to avoid tying yourself to the non-computer constraint.

lol, it should work on Mono. I don't think I've used any Windows-specific code. That's why there are two separate projects for gui and console. If you set it as a gui project, you can't access the console, and if you set it as a console project there's no way to close the console window after you've started the gui. The only solution I found was to directly call the FreeConsole API function, but that was unlikely to be portable.

It's easy to understand for non-nerds, and the correct-horse-battery-staple story is everywhere. The key is getting the randomness right, and that's where 1password saves the day. (Otherwise we end up with unique inventions like messy-keyboard-chair-plant, or song lyrics or whatever.) Might want to strongly discourage passphrases shorter than 4 words.

Regarding the "pronounceable" math, I wish I had a better sense of how long those should be. It would be awesome if 1password provided an entropy calculator for all its various types of generated passwords. Maybe as a power user option.

There is, of course, an advantage to adding additional variance, but the question is whether that gain is worth the cost in memorability/typeability.

The word list used in the current 1Password for Windows beta has 17679 words on it, so that is approximately 14 bits per word. A password that is four words long will then have 56 bits of entropy. This is enormous for a password. (It's small for an encryption key.) At 20,000 guesses per second, that would take more than 300,000 years to get half way through.

If we say that one of the four words will be capitalized then we add 2 bits. Sure that is something (indeed, it changes things from 300,000 years to 1.2 million years), but is it worth having to shift from lowercase to uppercase on a mobile keyboard? That is a choice you have to make for yourself. You might reasonably say that yes it is.

When it comes to playing with punctuation, you have to ask whether the increased typing and memory difficulty is better than just adding another word. Again, you have to decide that for yourself.

I would recommend that if you do something like this you should decide beforehand what kinds of changes you would make. Then you should pick at random (not out of your head) which specific change. For example, you might say that you will capitalize one word first. Then you will flip coins or roll a die to pick which word,
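A worked version of the arithmetic in the post above, added here as an example and not code from 1Password: it derives strength purely from the recipe (list size, word count, whether exactly one randomly chosen word is capitalized, how many separator symbols were on offer) rather than from the password itself, converts the bits into an expected guessing time at a rate you supply, and uses the OS CSPRNG to decide which word gets the capital, as the post recommends. The function names, the 17679-word list size and the 20,000 guesses per second figure in the usage call are taken from the post; everything else is the example's own assumption.

```python
"""Recipe-based strength estimate for a generated passphrase (added example).

Entropy is a property of how the passphrase was generated: each word drawn
uniformly from a list of N words contributes log2(N) bits, and a random
modification contributes log2(number of equally likely choices). Nothing
here ever looks at the resulting string.
"""
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def bits_per_word(list_size: int) -> float:
    """log2 of the list size: 7776 words -> ~12.9 bits, 17679 words -> ~14.1 bits."""
    return math.log2(list_size)


def recipe_entropy(list_size: int, words: int, capitalize_one: bool = False,
                   separator_choices: int = 1) -> float:
    """Entropy in bits of a passphrase built by a fixed, pre-decided recipe.

    - words chosen uniformly and independently:   words * log2(list_size)
    - capitalize exactly one word, chosen at random: + log2(words)
      (2 bits for four words; the gain discussed in the post)
    - one separator chosen uniformly from `separator_choices` symbols:
      + log2(separator_choices); the default of 1 (a fixed separator) adds 0
    """
    if list_size < 2 or words < 1 or separator_choices < 1:
        raise ValueError("list_size >= 2, words >= 1, separator_choices >= 1")
    bits = words * bits_per_word(list_size)
    if capitalize_one:
        bits += math.log2(words)
    bits += math.log2(separator_choices)
    return bits


def years_to_half_keyspace(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the passphrase, i.e. to search half the space.

    This assumes the attacker knows the recipe and the word list, which is
    the conservative assumption the post makes (no credit for secrecy of
    the method).
    """
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def pick_word_to_capitalize(words: int) -> int:
    """Decide beforehand that one word is capitalized, then let a real random
    source (the OS CSPRNG via `secrets`) pick WHICH one, not your head.
    Returns a 0-based word index."""
    if words < 1:
        raise ValueError("need at least one word")
    return secrets.randbelow(words)


if __name__ == "__main__":
    # Usage: the recipe from the post, a 17679-word list and four words.
    plain = recipe_entropy(17679, 4)
    capped = recipe_entropy(17679, 4, capitalize_one=True)
    print(f"bits per word:        {bits_per_word(17679):.2f}")
    print(f"four words:           {plain:.1f} bits, "
          f"~{years_to_half_keyspace(plain, 20_000):,.0f} years at 20k guesses/s")
    print(f"+ one capital:        {capped:.1f} bits, "
          f"~{years_to_half_keyspace(capped, 20_000):,.0f} years")
    print(f"capitalize word #{pick_word_to_capitalize(4) + 1} (chosen by CSPRNG)")
```

Plugging in your own guess rate is the point of the helper: an offline attack on a leaked hash runs many orders of magnitude faster than 20,000 guesses per second, and the same recipe that looks comfortable against an online attacker can look thin against a GPU rig.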

The key is getting the randomness right, and that's where 1password saves the day. (Otherwise we end up with unique inventions like messy-keyboard-chair-plant, or song lyrics or whatever.)

Yep. Even when people know that they should pick randomly they fail. For example, if you ask people to pick these things randomly and stress that they should avoid things like what you describe, they will still tend to pick concrete nouns for almost all the words and perhaps a simple adjective.

This is the problem with the XKCD comic. Those who already understand the issue didn't need it, and almost everyone else thinks that they should pick words from their heads.

Regarding the "pronounceable" math, I wish I had a better sense of how long those should be. It would be awesome if 1password provided an entropy calculator for all its various types of generated passwords.

Yep. This is something I would like to see as well, but it isn't something I can promise that we will do. One of the issues with this is that as soon as someone manually edits a generated password, we have to treat it as human created. So if you generate a password like j=CA4freo;2MEemM*G and discover that the service you use won't accept an "=" so you change it to a "/", we would have to treat the original as generated and the modified as not-generated. The calculated strength of a generated password would be based only on the recipe used for its creation and would never need to know the password.

I would recommend that if you do something like this you should decide beforehand what kinds of changes you would make. Then you should pick at random (not out of your head) which specific change. For example, you might say that you will capitalize one word first. Then you will flip coins or roll a die to pick which word,

@jpgoldberg Where I was going with this was that if the increase in entropy was worthwhile then an option on the generator to do random capitals and punctuation would be good. However, from what you said, it sounds like the practical benefit would be negligible. @DBrown might do me harm if I keep suggesting more options without them being absolutely vital!

I could imagine offering symbol separators and randomly chosen initial capitalization as options, but @DBrown is absolutely correct. One reason why 1Password works so well for so many people is that we are very cautious about adding options. There is always room for "one more option", but when you start thinking that way, you end up with dozens of advanced options that just scare people away. So this needs to be done cautiously.

@grgz, We still want to offer some guidance on password strength for human created passwords, so we have to find a way to do this which doesn't add to confusion. But I definitely like the idea of offering exact entropy in those cases where we can. Like you, I hope to see it happen, but I can't promise anything.

Yeah it's a tricky usability problem. I think the average person is in dire need of better, more-current advice about how strong to make their passwords/passphrases. There's a ton of voodoo advice on the internets. But you don't want to scare them off with too much complexity.

What makes "pronounceable" passwords pronounceable in 1Password? I can't pronounce any of them or remember any of them, especially when I get to the length of the ones I have them set to (12-20 characters). The Apple keychain password helper has real pronounceable, memorable passwords. Also, when I use my "recipes" window, I have a problem when the website limits the kinds of symbols that I can use because 1Password doesn't allow me to do anything about it. I have to keep on futzing around with the slider until I finally get to the password that works. Meanwhile, I'm usually logged out several times. Anything to do about that?

We're looking at adding a Diceware option in 1Password for Mac like the one in 1Password 4 for Windows (currently in beta and referenced by John in his post directly preceding yours). It sounds like that would be something you would appreciate.

We don't normally discuss future plans, but thank you for letting us know you too are interested in this. If we can be of further assistance, please let us know. We are always here to help!

What makes "pronounceable" passwords pronounceable in 1Password? I can't pronounce any of them or remember any of them, especially when I get to the length of the ones I have them set to (12-20 characters).

Yes--that is partly why I vote for Diceware. Generally more pronounceable and more easily memorized, for me at least. I would be satisfied with a random generator for just the regular Diceware word list.

1Password should offer a password-generation option of "pseudo-Diceware," driven by cryptographically-secure pseudo-random numbers. This would cover those passphrases used both from memory and from 1Password.

The upshot of those two discussions is, roughly, that there are two kinds of passwords:

Ones you have to memorize, for which a careful, doctrinaire Diceware approach is good

Ones 1Password saves you from having to memorize, so let it generate un-memorable goop

In theory, 1Password reduces group #1 to solely the 1Password "Master Password."

But "the difference between theory and reality is less in theory than in reality." In my world there is a third class of passwords: ones I have to use at several access points, some with 1Password available, some not. I need these memorable for the inaccessible times (like logging into my laptop), but can, must, and do use them through 1Password at other times (like logging into company websites). Call these "class 1.5". I do in fact use Diceware to generate class-1.5 passwords (passphrases), type them from memory for the class-1 uses, and load them into 1P for the class-2 uses.

But a pseudo-Diceware system, with cryptographically-secure pseudo-random numbers in place of the dice, would be very strong, and more convenient than messing with dice.
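As an added example of the pseudo-Diceware generator proposed in this post (and of the earlier remark that a computer-driven list need not stop at 7776 words), here is the Diceware procedure with the OS CSPRNG standing in for the dice. This is example code, not 1Password's or Diceware's own; the word list is a small constructed sample so the file runs offline, and a real deployment would load a published list. The function names are the example's own.

```python
"""Pseudo-Diceware: Diceware word selection driven by the OS CSPRNG (added example).

Physical Diceware rolls five dice per word and looks up the roll in a
7776-entry list. With a computer, `secrets` supplies uniform random
indices directly, so the list can be any size; the strength comes from the
list size and from uniform selection, not from the particular words.
"""
import math
import secrets

# Constructed sample list (25 words). Real lists have thousands of entries.
SAMPLE_WORDLIST = (
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "glade", "harbor",
    "ivory", "juniper", "kelp", "lantern", "meadow", "nectar", "orchid",
    "pebble", "quartz", "ridge", "saffron", "thistle", "umber", "velvet",
    "willow", "yarrow", "zephyr",
)

DICE_PER_WORD = 5          # classic Diceware: 6**5 = 7776 possible rolls per word


def roll_index(rolls):
    """Map a physical Diceware roll such as (1, 4, 2, 6, 3) to the 0-based
    line of a 7776-word list. The five digits form a base-6 number whose
    lowest digit is 1, so 11111 -> 0 and 66666 -> 7775. Included so a list
    keyed by dice rolls can be used with either dice or the CSPRNG."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def generate(wordlist, n_words, capitalize_one=False, separator=" "):
    """Draw n_words uniformly and independently from wordlist.

    secrets.choice reads the OS CSPRNG and rejects out-of-range values, so
    there is no modulo bias even when len(wordlist) is not a power of two.
    If capitalize_one is set, the word to capitalize is also chosen by the
    CSPRNG, so the capital adds log2(n_words) bits instead of being a habit
    an attacker can predict (people reliably capitalize the first word).
    """
    if n_words < 1:
        raise ValueError("need at least one word")
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    if capitalize_one:
        i = secrets.randbelow(n_words)
        words[i] = words[i].capitalize()
    return separator.join(words)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches target_bits.

    The thread's 56-bit target needs 5 words from a 7776-word list but only
    4 from a 17679-word list: a bigger list buys shorter passphrases."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("dice roll 11111 ->", roll_index((1, 1, 1, 1, 1)))
    print("dice roll 66666 ->", roll_index((6, 6, 6, 6, 6)))
    n = words_needed(len(SAMPLE_WORDLIST), 56)   # tiny sample list: many words
    print(f"{n} words needed for 56 bits from {len(SAMPLE_WORDLIST)} words")
    print("passphrase:", generate(SAMPLE_WORDLIST, n, capitalize_one=True, separator="-"))
```

Note that the separator and capitalization options only add entropy when the choice itself is random and counted (one symbol picked from a known set, one word picked by `secrets.randbelow`); a separator you always use is part of the recipe the attacker is assumed to know.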

This is a great suggestion, @jackr! In fact, Diceware is already an option in the 1Password 4 for Windows Beta. I'll make sure your vote is tallied to see it on other platforms as well. I've also merged your post with this existing thread, so we can keep the discussion in one place.